That could be a really interesting project. I'm not sure how I can
contribute, but I'd love to see that happen.

~Carlos

On 10/14/12 3:10 PM, Ondřej Surý wrote:
> Just a question - would anyone be interested in joining a project to 
> build an OpenHardware FPGA-based HSM with focus on DNSSEC?
>
> O.
>
> On 16. 8. 2012, at 2:24, George Michaelson <g...@apnic.net> wrote:
>
>> I got 8 replies. 2 ccTLD, 2 root Ops, almost everyone in s/w development or 
>> operational related roles, and some independent consultants.
>>
>> Only one happy user, and I'd qualify that: they'd want a long-term migration 
>> plan off the device. This person is using Solaris.
>>
>> Everyone said avoid more than 255 keys on the device. Several said use the 
>> import/export mechanism.
>>
>> Two people explicitly mentioned the bad Linux driver. 
>>
>> The overall tone of the (small sample) responses is: "this is not a good 
>> choice right now"
>>
>>
>> My context is not DNSSEC, it's RPKI, which has a far larger keypair 
>> requirement. Noting a suggestion to re-use keypairs, I'd still have to 
>> risk-manage future potential for multiple keys per hosted client, and exceed 
>> the on-card keystore size, so the suggestion to use the import/export 
>> features makes sense. Having said that, documentation on this is really 
>> scant, and it's hard to confirm how easily you can manage this given there is 
>> no explicit OpenSSL PKCS11 support for managing PKCS12 wrapped objects, and 
>> you are therefore using a Java or shell command to do the key import, 
>> followed by OpenSSL engine, followed by shell/Java to remove the key. 
>>
>> If you use a pure Java solution it's probably more tenable.
>>
>> Thank you to everyone for the response. I hope this summary meets a sense of 
>> privacy, and OT posting.
>>
>> -G
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations@lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> --
>  Ondřej Surý -- Chief Science Officer
>  -------------------------------------------
>  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
>  Americka 23, 120 00 Praha 2, Czech Republic
>  mailto:ondrej.s...@nic.cz    http://nic.cz/
>  tel:+420.222745110       fax:+420.222745112
>  -------------------------------------------
>


--
Carlos M. Martinez
LACNIC R+D
http://www.labs.lacnic.net
